(54) A method for protecting embedded system software and embedded system

(57) The invention pertains to a software protection method that finds particular utility in embedded systems. The protection is based on authentication carried out entirely by means of hardware. A system includes a security circuit integrated on the same microcircuit with a processor. As the system is started, the security circuit reads (404) from the program memory certain portions of the program code and calculates (405) in accordance with a certain algorithm one or more identifiers. Secret code stored in the security circuit is used as operands in the calculation. The identifiers calculated are compared (406) to correct ones and system use is enabled (408) only if the identifiers match. For further protection it is possible to use a program memory circuit which has a component-specific identification code and to check (403) and use as operand (405) said identification code. The security circuit may also be used to decrypt an entirely encrypted program. The method makes the misuse of embedded system software considerably more difficult than in known systems. In addition, compared to software-based authentication, the protection uses fewer system resources.
Description

[0001] The invention relates to methods defined in the preambles of claims 1 and 2 for protecting embedded system software against misuse. The invention also relates to an embedded system defined in the preamble of claim 6.

[0002] In general-purpose computers, software residing in the working memory or disk storage can be read and modified by means of the operating system or simple utility programs. In embedded systems, the software is usually located in a programmable non-volatile memory, and the system lacks a user interface that would allow the software to be manipulated from outside the system in the ways described above. However, an expert using appropriate equipment can read the contents of the memory and even re-program it. Someone may manipulate the program memory in order to obtain information or to cause damage. Therefore it is advantageous to be able to verify the integrity of the software. Good software integrity means that the software is intact and not manipulated in ways other than what is required by the normal continuous operation of the system. Software protection comprises software integrity authentication and an arrangement for authenticating the integrity.
[0003] Software-based methods for the protection of embedded system software are known from the prior art. An authentication program is stored in program memory e.g. to calculate identification codes according to a predetermined algorithm using the program code proper and to compare them to known correct codes. If the authentication program detects an error, it prevents the application from starting and possibly generates an alarm. A disadvantage of the method is that a skilled invader may e.g. eliminate the authentication program and then alter the program code, or even re-program the authentication procedure such that it will not reveal the alterations made. An additional disadvantage is that a functioning copy of the program can be made in another memory circuit without the authentication procedure preventing it.

[0004] Partly hardware-based software protection methods that can be applied to embedded systems as well are also known from the prior art. A system includes e.g. a secret auxiliary circuit into which identification codes have been stored. Identification codes calculated on the basis of the operating program must match those in the auxiliary circuit. Therefore, altered programs will not work. Likewise, program copies will not work in another environment. A disadvantage of the method is that the calculation and comparison of codes is software-based, so examination of the procedure is possible by monitoring and storing the data traffic on the system bus. An additional disadvantage is that software-based calculation may reserve system resources to a considerable extent if the software to be authenticated is large.



[0005] An object of the invention is to reduce said disadvantages of the prior art. The software protection method according to the invention is characterized by what is expressed in the independent claims 1, 2, and 6. Preferred embodiments of the invention are presented in the dependent claims.

[0006] The basic idea of the invention is as follows: The integrity of software in an embedded system is verified entirely by hardware. To that end the system includes a security circuit that may be integrated in the same microcircuit with the processor. In addition to the software being protected, also a component-specific program memory circuit identification code is stored in the system's program memory. As the program is started, the security circuit reads said identification code from the program memory as well as part of the program code. Then the security circuit computes on the basis of said codes a software identification code, using a predetermined algorithm and a secret code stored in the security circuit. Then the security circuit compares the software identification code thus obtained to the correct identification code. The operating program starts only if the identification codes match. The security circuit may also be arranged so as to decrypt an encrypted operating program during execution.

[0007] An advantage of the invention is that misuse of embedded system software is considerably more difficult than in systems using fully or partly software-based protection. This is because hardware-based authentication makes the system more closed; its operation is more difficult to monitor than in known systems. If the contents of the program memory were somehow changed, the result would be a non-functioning program. Likewise, if by some means one would succeed in copying the contents of the program memory into another circuit, the resulting program would not function because of a missing or incorrect memory circuit identification code. Another advantage of the invention is that standard circuits can be used as program memory circuits as long as they have unique identification codes that cannot be altered. Yet another advantage of the invention is that the software integrity calculation does not require that possibly large programs be transferred to the processor and back. A further advantage of the invention is that it can be applied to encrypting the whole application software, which is one way of protecting the software.

[0008] The invention will now be described in more detail. In the description, reference will be made to the accompanying drawing wherein

Fig. 1 shows the general construction of an embedded system and an example of the location of an authentication program according to the prior art,

Fig. 2 shows an example of software authentication according to the prior art,

Fig. 3 shows an example of the construction of an embedded system according to the invention,

Fig. 4 shows an example of software authentication according to the invention, and

Fig. 5 shows a second example of software authentication according to the invention.

[0009] Fig. 1 shows an embedded system in a simple block diagram. It comprises a processor 11, program memory 12, other hardware 13, and a bus 14. Here, a processor means just an execution block for program instructions. The program memory 12 includes the system's operating program 121 and, in accordance with the prior art, an authentication program 122. The program memory is usually a separate, advantageously flash-type, memory circuit. The bus 14 connects the elements of the system. It includes the necessary data, address, and control lines.

[0010] Fig. 2 shows in the form of a flow diagram an example of the operation of an authentication program 122 according to the prior art. The authentication program is started in block 201. Start-up is initiated at least by turning on the operating voltage of the system. In block 202 the authentication program reads the system's operating program code 121. In block 203 the authentication program calculates according to a certain algorithm an identification code, or signature, on the basis of the program code read, and in block 204 said signature is compared to a known correct signature. If the signatures do not match, the authentication program prevents the system's operating program from starting and thus the system from being used (block 205). If the signatures do match, it is checked in accordance with block 206 whether there is still program code left. If there is, operation according to blocks 202-206 is repeated. If all signatures are correct, the authentication program enables the use of the system (block 207). Execution of the authentication program ends in block 208.
[0011] Fig. 3 shows an example of the arrangement according to the invention. It comprises a processor block 31, program memory 32, other hardware 33, and a bus 34, as in the construction shown in Fig. 1. An essential difference from the construction according to Fig. 1 is that the processor block 31 includes, in addition to the processor 311 proper, a security circuit 312 where the hardware-based calculation according to the authentication algorithm is carried out using secret logic. Secret code SC is also stored in the security circuit. The security circuit 312 may be located in a separate microcircuit, but it is advantageous to integrate it in the same circuit with the processor as the operation of the system will then be more difficult to monitor. In addition to the operating program 321, also a component-specific identification code 323 is stored in the program memory 32 to provide enhanced security.

[0012] Fig. 4 shows in the form of a flow diagram an example of the operation of the security circuit 312. The operation starts in block 401. Start-up is initiated at least when the system's operating voltage is turned on. The above-mentioned component-specific program memory identification code 323 is read in block 402. In block 403, the identification code 323 is compared to the correct one. If they do not match, the authentication process goes no further, but the use of the system is disabled in accordance with block 407. The identification code is incorrect e.g. if the program memory circuit has been switched into another one that contains a copy or modified version of the system's operating program. If the identification code is correct, a key code and secret code are read in block 404. The key code refers to selected portions of the operating program code or to codes calculated earlier from the operating program code. The key code is read from the program memory through the bus 34. The secret code refers to codes SC used as operands and stored by means of hardware in the security circuit 312. Reading of the code is a transaction internal to the security circuit 312. In block 405, a signature is calculated according to an algorithm. The algorithm may be e.g. of the cyclic redundancy check (CRC) type, in which case the calculation occurs in a shift register connected by means of XOR (exclusive-or) gates. In that case, the secret code comprises the divisor of a division carried out using the modulo-2 principle. The algorithm may also be in accordance with an encryption method using a public key, such as RSA (Rivest-Shamir-Adleman) or DES (Data Encryption Standard). In these cases, the secret code comprises the secret keys required by said methods. The program memory identification code 323 may be used as an additional operand in the calculation in block 405. In block 406 the signature returned by the calculation is compared to the correct signature. If the signature calculated is incorrect, use of the system is disabled in accordance with block 407. The signature is incorrect e.g. if the operating program has been altered. If the signature calculated is correct, the security circuit 312 enables system use (block 408) and ends the authentication process.

[0013] In the example depicted in Fig. 4, only one program signature is calculated. Naturally the authentication may also be performed in several stages, as in Fig. 2, thus producing a plurality of consecutive signatures.
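The following C model is an added illustration of the block 402-408 flow of Fig. 4 (and of the basic idea in [0006]); it is not code from the patent. The CRC variant is modelled as a bit-serial modulo-2 division, and the divisor together with the initial register value stands in for the secret code SC; the identification code 323 is folded in as an additional operand, as the text permits. The memory contents, identification code, polynomial, and all structure and function names are constructed for this example. A single bit flipped in the program, or the same program read from a memory circuit with a different identification code, leaves the system disabled.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define CODE_SIZE 16

/* Program memory 32 (Fig. 3): operating program 321 plus the
 * component-specific identification code 323 of the memory circuit. */
struct program_memory {
    uint32_t id_code;
    uint8_t  code[CODE_SIZE];
};

/* Security circuit 312: secret code SC (here the CRC divisor and the initial
 * shift-register value) and the correct values used in blocks 403 and 406. */
struct security_circuit {
    uint32_t secret_poly;
    uint32_t secret_init;
    uint32_t expected_id;
    uint32_t expected_sig;
};

enum verdict { SYSTEM_ENABLED = 0, DISABLED_BAD_ID = 1, DISABLED_BAD_SIGNATURE = 2 };

/* Block 405, CRC variant: modulo-2 division computed bit by bit, as a shift
 * register with XOR feedback taps would; the divisor (poly) is the secret. */
uint32_t crc_mod2(uint32_t poly, uint32_t init, const uint8_t *data, size_t len)
{
    uint32_t reg = init;
    for (size_t i = 0; i < len; i++) {
        reg ^= (uint32_t)data[i] << 24;          /* shift the next byte in */
        for (int b = 0; b < 8; b++)
            reg = (reg & 0x80000000u) ? (reg << 1) ^ poly : reg << 1;
    }
    return reg;
}

/* Blocks 402-408: the decision logic of the security circuit. */
enum verdict authenticate(const struct security_circuit *sc,
                          const struct program_memory *pm)
{
    if (pm->id_code != sc->expected_id)          /* 402-403: memory circuit check */
        return DISABLED_BAD_ID;                   /* 407 */
    /* 404-405: key code = program code; the identification code 323 enters as
     * an additional operand by modifying the initial register contents. */
    uint32_t sig = crc_mod2(sc->secret_poly, sc->secret_init ^ pm->id_code,
                            pm->code, CODE_SIZE);
    if (sig != sc->expected_sig)                  /* 406 */
        return DISABLED_BAD_SIGNATURE;            /* 407 */
    return SYSTEM_ENABLED;                        /* 408 */
}

/* Constructed deployment values (not from the patent). */
#define GOLDEN_ID 0x5A17C0DEu
static const uint8_t GOLDEN_CODE[CODE_SIZE] = {
    0xB8, 0x01, 0x00, 0x00, 0xBB, 0x02, 0x00, 0x00,
    0x01, 0xD8, 0x89, 0xC1, 0xF4, 0x90, 0x90, 0x90 };

/* Provisioning: the correct signature is computed once with the same secret
 * and stored inside the circuit together with the correct identification code. */
static struct security_circuit provisioned_circuit(void)
{
    struct security_circuit sc = { 0xA3B1F7C9u, 0x13579BDFu, GOLDEN_ID, 0 };
    sc.expected_sig = crc_mod2(sc.secret_poly, sc.secret_init ^ GOLDEN_ID,
                               GOLDEN_CODE, CODE_SIZE);
    return sc;
}

static struct program_memory golden_memory(void)
{
    struct program_memory pm;
    pm.id_code = GOLDEN_ID;
    memcpy(pm.code, GOLDEN_CODE, CODE_SIZE);
    return pm;
}

/* Untouched system: identification code and signature both match. */
int scenario_intact(void)
{
    struct security_circuit sc = provisioned_circuit();
    struct program_memory pm = golden_memory();
    return authenticate(&sc, &pm);
}

/* One bit of the program changed in place: a CRC with an odd divisor always
 * changes for a single-bit difference, so block 406 fails. */
int scenario_tampered_code(void)
{
    struct security_circuit sc = provisioned_circuit();
    struct program_memory pm = golden_memory();
    pm.code[9] ^= 0x01;
    return authenticate(&sc, &pm);
}

/* Program copied unchanged into another memory circuit: the code is intact
 * but the identification code differs, so block 403 already fails. */
int scenario_copied_memory(void)
{
    struct security_circuit sc = provisioned_circuit();
    struct program_memory pm = golden_memory();
    pm.id_code = 0x0BADF00Du;
    return authenticate(&sc, &pm);
}

int main(void)
{
    printf("intact: %d, tampered: %d, copied: %d\n",
           scenario_intact(), scenario_tampered_code(), scenario_copied_memory());
    return 0;
}
```

What a software model cannot reproduce is the point of the invention: in the patent the division and the comparison run in secret logic inside the circuit, so neither the divisor nor the intermediate register contents ever cross bus 34. The model keeps the patent's CRC choice; since a CRC is a linear function of its input, the protection rests entirely on the divisor and initial value staying inside the circuit, which is why the text insists on hardware-internal reading of SC.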
[0014] Fig. 5 shows in the form of a flow diagram a second example of the operation of the security circuit 312 according to the invention. In this example, the operating program is in the program memory in a fully or partly encrypted form. The encryption is carried out in accordance with the prior art. Operation of blocks 501-503 is identical with that of blocks 401-403 in the previous example. The memory circuit identification code check according to those blocks may also be left out. In block 505 the security circuit reads from the program memory one or more encrypted program instructions starting from a certain address. In block 506 the instruction code or codes are decrypted by hardware into executable form in accordance with the encryption method used. Secret code stored in the security circuit is used as operands in the decryption. In block 507 the security circuit checks whether the processor's registers, where instruction codes are collected in queues, have room for new instruction codes. If not, i.e. the registers are full, the process waits in accordance with block 508. When room becomes available, a new instruction code is placed in the execution queue in the register in accordance with block 509. Then, in block 510, the security circuit checks whether decryption of program code continues. The information comes from the processor. If decryption continues, the security circuit reads the address provided by the processor (block 511). The next instruction is fetched from that address and operation continues in accordance with blocks 505-510. When the processor informs that program execution ends, the security circuit naturally ends active operation (block 512) and remains waiting for a new start-up.
[0015] In applications according to Fig. 5 it is particularly advantageous to integrate the security circuit in the same microcircuit with the processor. In that case all the code transferred through the system main bus 34, the communications of which can be monitored by means of suitable equipment, is encrypted. Plain code is only found inside the processor circuit.
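The following C model is an added illustration of the fetch-decrypt-queue loop of blocks 505-512 in Fig. 5 and of the bus observation made in [0015]; it is not code from the patent. The patent does not name the cipher (it refers to prior-art encryption), so a keyed per-address XOR keystream is substituted as a placeholder, and the model assumes that the processor hands out sequential addresses and keeps a four-entry instruction queue; all names and values are constructed. The simulation records every word that crosses the bus and every instruction the processor executes, so one can check that the bus trace never equals the plaintext program, that the executed sequence does, and that the circuit stalls (block 508) whenever the queue is full.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define MEM_WORDS   16        /* size of program memory 32, in instruction words */
#define PROG_LEN     8        /* length of the constructed operating program */
#define QUEUE_DEPTH  4        /* instruction queue in the processor's registers */
#define HALT         0xFFFFu  /* constructed "program ends" instruction */

typedef uint16_t insn_t;

/* Constructed plaintext operating program 321; the last word is HALT. */
static const insn_t PLAIN_PROGRAM[PROG_LEN] =
    { 0x1001, 0x2002, 0x3003, 0x4004, 0x5005, 0x6006, 0x7007, HALT };

/* Secret code SC held inside the security circuit (constructed value). */
#define SECRET_CODE 0xC0FFEE11u

/* Placeholder for the prior-art cipher the patent does not name: a keyed
 * per-address keystream XORed with the instruction word. Not a real cipher;
 * it only gives the model a ciphertext that differs from word to word. */
static insn_t keystream(uint32_t secret, uint32_t addr)
{
    uint32_t x = secret ^ (addr * 0x9E3779B1u);
    x ^= x >> 15;  x *= 0x85EBCA6Bu;  x ^= x >> 13;
    return (insn_t)x;
}
insn_t encrypt_insn(uint32_t secret, uint32_t addr, insn_t plain) { return plain ^ keystream(secret, addr); }
insn_t decrypt_insn(uint32_t secret, uint32_t addr, insn_t enc)   { return enc ^ keystream(secret, addr); }

/* Processor 311 model: a ring-buffer instruction queue, one instruction
 * executed every `divider` ticks; executing HALT is the "program ends" signal. */
struct cpu {
    insn_t queue[QUEUE_DEPTH];
    int head, count, divider, ticks, halted;
    insn_t executed[MEM_WORDS];
    int n_executed;
};

static void cpu_tick(struct cpu *c)
{
    c->ticks++;
    if (c->count > 0 && c->ticks % c->divider == 0) {
        insn_t op = c->queue[c->head];
        c->head = (c->head + 1) % QUEUE_DEPTH;
        c->count--;
        if (c->n_executed < MEM_WORDS) c->executed[c->n_executed++] = op;
        if (op == HALT) c->halted = 1;
    }
}

struct sim_result {
    int executed;             /* instructions the processor ran */
    int waits;                /* times block 508 was taken */
    int bus_reads;            /* words observed on bus 34 */
    int bus_hides_plaintext;  /* 1 if the bus trace is not the plaintext program */
    int order_ok;             /* 1 if the executed sequence equals PLAIN_PROGRAM */
};

/* Blocks 501-512 of Fig. 5 for one start-up, with a probe on the bus. The
 * identification code check of blocks 501-503 is assumed to have passed. */
struct sim_result simulate_fig5(int cpu_divider)
{
    insn_t program_memory[MEM_WORDS];   /* encrypted contents of memory 32 */
    insn_t bus_trace[MEM_WORDS];        /* what a probe on bus 34 records */
    struct sim_result r = {0, 0, 0, 0, 0};
    struct cpu c;
    memset(&c, 0, sizeof c);
    c.divider = cpu_divider;

    /* Provisioning: the program is encrypted before deployment (prior art). */
    for (uint32_t a = 0; a < MEM_WORDS; a++)
        program_memory[a] = encrypt_insn(SECRET_CODE, a,
                                         a < PROG_LEN ? PLAIN_PROGRAM[a] : 0x0000);

    uint32_t addr = 0;
    for (;;) {
        insn_t enc = program_memory[addr];                 /* 505: read over the bus */
        bus_trace[r.bus_reads++] = enc;
        insn_t plain = decrypt_insn(SECRET_CODE, addr, enc); /* 506: inside the circuit */
        while (c.count == QUEUE_DEPTH && !c.halted) {     /* 507-508: registers full */
            r.waits++;
            cpu_tick(&c);
        }
        if (c.halted) break;                               /* 512 */
        c.queue[(c.head + c.count) % QUEUE_DEPTH] = plain; /* 509: into the queue */
        c.count++;
        cpu_tick(&c);
        if (c.halted || addr + 1 >= MEM_WORDS) break;      /* 510/512: execution ends */
        addr++;                                            /* 511: next address from the processor */
    }
    r.executed = c.n_executed;
    r.bus_hides_plaintext = memcmp(bus_trace, PLAIN_PROGRAM, sizeof PLAIN_PROGRAM) != 0;
    r.order_ok = c.n_executed == PROG_LEN &&
                 memcmp(c.executed, PLAIN_PROGRAM, sizeof PLAIN_PROGRAM) == 0;
    return r;
}

int main(void)
{
    struct sim_result r = simulate_fig5(3);
    printf("executed %d, waits %d, bus reads %d, bus hides plaintext %d, order ok %d\n",
           r.executed, r.waits, r.bus_reads, r.bus_hides_plaintext, r.order_ok);
    return 0;
}
```

Running `simulate_fig5(3)` (processor slower than the circuit) shows block 508 being taken repeatedly and a few words prefetched past HALT before the processor reports the end, which is why the memory is modelled larger than the program; `simulate_fig5(1)` never stalls. In both cases the bus trace differs from the plaintext program while the executed sequence equals it, which is the property [0015] relies on when the circuit shares the processor's microcircuit.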
[0016] Solutions according to the invention were described above. Details of operation may vary to a large extent, depending on the architecture of the embedded system and its processor as well as on the authentication algorithm used. The inventive idea can be applied in different ways within the scope defined by the claims.
Claims

1. A method for protecting an operating program in an embedded system, wherein it is calculated on the basis of the operating program code located in the program memory at least one identifier in accordance with a certain algorithm using secret code as operands, and the identifier obtained is compared to a correct identifier, characterized in that said secret code is stored in hardware and said identifier calculation and comparison (404-406) are carried out substantially entirely by means of hardware.

2. A method for protecting an operating program in an embedded system, wherein the system's operating program code is at least partly encrypted, characterized in that while the program is being executed, the decryption (505-511) of said encryption is carried out substantially entirely by means of hard-

3. The method of claim 1 or 2 wherein a program memory circuit is given a component-specific identification code (323), characterized in that the component-specific identification code is also used in the protection of said operating program.

4. The method of claim 1, characterized in that said identifier is calculated using a CRC-based method.

5. The method of claim 1, characterized in that said identifier is calculated using a public key based encryption method.

6. An embedded system (30) comprising a program memory (32) and processor (311) and being arranged so as to protect an operating program in the program memory by means of an algorithm, characterized in that said system (30) also comprises a security circuit (312) which contains secret logic and where secret code (SC) has been stored, said security circuit being arranged so as to perform, in hardware, calculations according to said algorithm.

7. The embedded system of claim 6 wherein the program memory (32) is given a component-specific identification code (323), characterized in that it is arranged so as to use said identification code also in the protection of the system's operating program.

8. The embedded system of claim 6, characterized in that said algorithm comprises an identifier calculation method based on at least the operating program code (321) and secret code (SC) stored in said security circuit.

9. The embedded system of claim 6, characterized in that said algorithm comprises a method for decrypting encrypted program code (321) into executable program code.

10. The embedded system of claim 6, characterized in that said security circuit (312) and said processor (311) are located in one and the same integrated circuit.

11. The embedded system of claim 6, characterized in that it is a mobile communications device.